Proper Way to Configure a Domain which never sends emails

Scott Morizot tmorizot at gmail.com
Tue Aug 20 13:42:00 UTC 2019


On Tue, Aug 20, 2019 at 5:46 AM Ignacio García <yo at ignasi.com> wrote:

> On 20/08/2019 at 9:28, Marco Davids via bind-users wrote:
> > A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be useful.
> >
>
> Wouldn't that imply having DKIM set up for the domain?
>
>
>
Short answer is no since nothing in DMARC requires DKIM. It requires that
an email has passed *either* an SPF or a DKIM check and if a DKIM signature
is present that it correctly validates. If the SPF policy is set to reject
all and the DMARC policy is set to reject if the checks fail, that's a
pretty good way to explicitly state this domain does no email whatsoever
for anyone who cares. (Speaking as someone who manages the DNS and DKIM
signing at work for a domain that malicious actors do love so much that
I've even seen it used as an example in some of the DMARC docs. /g )
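
A defender-side check for the posture described in the reply above, as an added example that is not part of the original post: it audits TXT strings for an SPF record whose only mechanism is `-all` and a DMARC record with `p=reject`. The function names and sample records are assumptions constructed for illustration; `domain.tld` is the placeholder used in the thread.

```python
# Added example. Sample records are constructed; domain.tld is the thread's placeholder.

def parse_dmarc(txt):
    """Return the DMARC tag/value pairs as a dict, or None if txt is not a DMARC1 record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def spf_rejects_all(txt):
    """True only when the record authorises no sender: its sole mechanism is -all."""
    terms = txt.lower().split()[1:]                   # skip the v=spf1 version term
    mechanisms = [t for t in terms if "=" not in t]   # modifiers (exp=, redirect=) carry "="
    return mechanisms == ["-all"]

def audit_no_mail_domain(domain, records):
    """records maps owner name -> list of TXT strings; returns findings (empty list = OK)."""
    findings = []
    spf = [t for t in records.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(f"expected exactly one SPF record, found {len(spf)}")
    elif not spf_rejects_all(spf[0]):
        findings.append("SPF does not reduce to a bare -all")
    dmarc = [d for d in map(parse_dmarc, records.get("_dmarc." + domain, [])) if d]
    if len(dmarc) != 1:
        findings.append(f"expected exactly one DMARC record, found {len(dmarc)}")
    else:
        policy = dmarc[0].get("p", "").lower()
        if policy != "reject":
            findings.append(f"DMARC p={policy or 'missing'}, not reject")
        if dmarc[0].get("sp", "reject").lower() != "reject":
            findings.append("DMARC sp= weakens the policy for subdomains")
    return findings

# Constructed zones: one matching the posture in the thread, one that still permits mail.
GOOD = {"domain.tld": ["v=spf1 -all"],
        "_dmarc.domain.tld": ["v=DMARC1; p=reject"]}
WEAK = {"domain.tld": ["v=spf1 mx ~all"],
        "_dmarc.domain.tld": ["v=DMARC1; p=none; rua=mailto:reports@domain.tld"]}

if __name__ == "__main__":
    for name, zone in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_no_mail_domain("domain.tld", zone) or "ok")
```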